I have been struggling for about 2 days to connect my Mikrotik 3011 to the VPN at the office. I am able to connect and use the office's local IPs easily with my Android phone, but not with the Mikrotik (( I am a total noob, so please help.
My PPTP status shows connected, but I can't access the office's local IPs. The office router, which runs DD-WRT, shows the client connection.
Mikrotik network gateway is 192.168.1.1
Office DD-WRT network gateway is 192.168.2.1
Please see my Mikrotik configuration below:
# may/13/2022 15:18:05 by RouterOS 6.48
# software id = LF55-EEJP
#
# model = RB3011UiAS
# serial number = jhjh
# LAN bridge with a fixed admin MAC (auto-mac=no keeps it from changing).
/interface bridge
add admin-mac=C4:AD:34:2F:gg:69 auto-mac=no comment=defconf name=bridge
# WAN uplink: PPPoE session over ether1. It requests a default route and
# takes the DNS servers offered by the provider (use-peer-dns=yes).
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
service-name=Ultel use-peer-dns=yes user=091289898
# Outbound PPTP tunnel to the office, authenticated with MS-CHAPv2 only.
# NOTE(review): PPTP with MS-CHAPv2 is regarded as cryptographically broken;
# treat traffic in this tunnel as weakly protected and prefer an IPsec-,
# OpenVPN- or WireGuard-based tunnel if the office router supports one.
# NOTE(review): add-default-route=yes asks for a second default route via
# the tunnel next to the PPPoE one. Which one is active depends on route
# distance, which this export does not show - check "/ip route print".
# Reaching only the office LAN is normally done with a specific route for
# that subnet rather than a default route.
# No password= is present here; presumably removed or hidden before posting.
/interface pptp-client
add add-default-route=yes allow=mschap2 connect-to=famv.tk disabled=no \
name=pptp-ev1 user=turkel
# CAPsMAN wireless profile: access-point mode, WPA2-PSK with AES-CCM, SSID
# TurkelNet, clients bridged into "bridge". The passphrase is not part of
# this export.
/caps-man configuration
add datapath.bridge=bridge mode=ap name=CAPs security.authentication-types=\
wpa2-psk security.encryption=aes-ccm ssid=TurkelNet
# Interface lists referenced by the firewall, neighbor discovery and
# MAC-server settings further down.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# "dhcp" serves LAN clients; "vpn" is handed to inbound VPN clients through
# the PPP profile below.
# NOTE(review): the vpn range ends at 192.168.89.255, which is the broadcast
# address if the subnet is treated as a /24 (as the NAT rule for
# 192.168.89.0/24 does) - ending at .254 would be cleaner.
/ip pool
add name=dhcp ranges=192.168.1.200-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
# *FFFFFFFE is an internal ID of a built-in PPP profile (presumably
# "default-encryption", which the SSTP server in this export uses - confirm).
# Inbound VPN clients get an address from pool "vpn", this router as DNS
# server, and encryption is required.
/ppp profile
set *FFFFFFFE dns-server=192.168.1.1 local-address=192.168.89.1 \
remote-address=vpn use-encryption=required
# Larger log buffers: 10000 lines for action 0 and 4 files x 10000 lines for
# action 1 (presumably the built-in memory and disk actions - confirm).
# NOTE(review): anything held only in memory is lost on reboot, and the
# scheduler in this export reboots the router every day; rely on the disk
# action or add a remote (syslog) action if logs are needed for
# investigating VPN or management logins.
/system logging action
set 0 memory-lines=10000
set 1 disk-file-count=4 disk-lines-per-file=10000
# Policy set of the "full" group. The word "password" is split across the
# line continuation by the export's line wrapping; it is one token.
# NOTE(review): this includes telnet, ftp and api; whether those services
# are actually enabled is decided in /ip service, which is not in this
# export - verify that unused management services are disabled.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# This router acts as CAPsMAN controller and provisions every joining CAP
# with the "CAPs" configuration (no radio-MAC or identity matcher is set).
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=CAPs
# ether2-ether10 and sfp1 are LAN switch ports; ether1 is left out because
# it carries the WAN uplink.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
# Neighbor discovery is limited to LAN interfaces, so the router does not
# announce itself on the WAN side.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): detect-internet is running on all interfaces. It is not
# needed for routing or VPN and is commonly set to "none" on routers with a
# fixed WAN setup - confirm it is wanted here.
/interface detect-internet
set detect-interface-list=all
# Inbound L2TP server. use-ipsec=yes offers IPsec but, unlike
# use-ipsec=required, still admits plain L2TP sessions; the IPsec secret is
# not shown in this export.
/interface l2tp-server server
set enabled=yes use-ipsec=yes
# Membership of the LAN and WAN lists used by the firewall. VPN interfaces
# (pptp-ev1 and dynamic server-side PPP interfaces) are in neither list.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
# NOTE(review): this router also accepts inbound PPTP, and the input chain
# in this export accepts tcp/1723 from any interface. The poster's goal only
# needs the PPTP *client*; if nobody dials in to this router over PPTP,
# disable this server to remove a weak protocol from the WAN side.
/interface pptp-server server
set enabled=yes
# Inbound SSTP server using the default-encryption profile.
# NOTE(review): no certificate= is set in this export; without a server
# certificate, clients cannot authenticate the server - confirm.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
# LAN address of the router, plus a manually configured public address on
# the PPPoE interface.
# NOTE(review): PPPoE normally assigns the address dynamically; the static
# entry on pppoe-out1 (network=81.11.11.113) is presumably there for the
# NAT rules that reference 93.111.111.19 - confirm it matches what the
# provider actually routes to this line.
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
add address=93.111.111.19 interface=pppoe-out1 network=81.11.11.113
# Static ARP entries for 192.168.1.10 and 192.168.1.11 on the bridge.
/ip arp
add address=192.168.1.10 interface=bridge mac-address=D0:27:88:AD:D7:03
add address=192.168.1.11 interface=bridge mac-address=92:DF:E8:DB:2A:B8
# MikroTik cloud DDNS is on, so the router publishes its public address
# under a MikroTik-provided DNS name.
/ip cloud
set ddns-enabled=yes
# defconf DHCP client on ether1; the WAN session itself is PPPoE over the
# same port, so this client may never obtain a lease.
/ip dhcp-client
add comment=defconf interface=ether1
# Static DHCP leases on the "defconf" server: each entry pins a LAN address
# to a MAC address (and to a client-id where one is recorded).
# 192.168.1.11 and 192.168.1.50 are also referenced by NAT rules in this
# export, 192.168.1.10 and 192.168.1.11 by static ARP entries.
# NOTE(review): several MACs here have the locally-administered bit set
# (for example 92:DF:..., 26:6A:..., FA:EC:...), which is typical of
# randomized per-network addresses; a lease keyed to such a MAC identifies
# a device only as long as it keeps presenting that address.
/ip dhcp-server lease
add address=192.168.1.10 client-id=\
ff:88:ad:d7:3:0:1:0:1:27:80:ca:ec:d0:27:88:ad:d7:3 mac-address=\
D0:27:88:AD:D7:03 server=defconf
add address=192.168.1.11 client-id=\
ff:e8:db:2a:b8:0:1:0:1:25:a4:a8:95:92:df:e8:db:2a:b8 mac-address=\
92:DF:E8:DB:2A:B8 server=defconf
add address=192.168.1.82 client-id=\
ff:28:1c:a:dc:0:1:0:1:27:81:ae:8b:26:6a:28:1c:a:dc mac-address=\
26:6A:28:1C:0A:DC server=defconf
add address=192.168.1.30 client-id=\
ff:3e:4d:b9:42:0:1:0:1:27:81:ae:81:7a:41:6c:f3:a0:3d mac-address=\
FA:EC:3E:4D:B9:42 server=defconf
add address=192.168.1.72 mac-address=E0:61:B2:33:EC:7E server=defconf
add address=192.168.1.71 mac-address=E0:61:B2:33:E7:22 server=defconf
add address=192.168.1.80 client-id=\
ff:51:94:af:a1:0:1:0:1:27:8c:b2:a4:3a:c0:51:94:af:a1 mac-address=\
3A:C0:51:94:AF:A1 server=defconf
add address=192.168.1.50 mac-address=76:47:A0:BF:B8:97 server=defconf
add address=192.168.1.81 client-id=\
ff:65:81:73:7b:0:1:0:1:27:a9:85:d3:9a:d5:65:81:73:7b mac-address=\
9A:D5:65:81:73:7B server=defconf
add address=192.168.1.20 client-id=\
ff:c4:ff:ee:e3:0:1:0:1:27:af:4:8b:aa:7f:c4:ff:ee:e3 mac-address=\
AA:7F:C4:FF:EE:E3 server=defconf
add address=192.168.1.250 client-id=1:e8:2a:44:db:c0:f7 mac-address=\
E8:2A:44:DB:C0:F7 server=defconf
add address=192.168.1.70 client-id=1:28:57:be:89:41:be mac-address=\
28:57:BE:89:41:BE server=defconf
add address=192.168.1.60 client-id=\
ff:99:4b:e8:e2:0:1:0:1:27:8c:b2:a4:3a:c0:51:94:af:a1 mac-address=\
46:65:99:4B:E8:E2 server=defconf
add address=192.168.1.83 client-id=\
ff:a6:dd:3b:2a:0:1:0:1:27:8c:b2:a4:3a:c0:51:94:af:a1 mac-address=\
7E:52:A6:DD:3B:2A server=defconf
add address=192.168.1.21 client-id=\
ff:8e:2b:6c:2a:0:1:0:1:27:8c:b2:a4:3a:c0:51:94:af:a1 mac-address=\
62:F7:8E:2B:6C:2A server=defconf
add address=192.168.1.90 client-id=\
ff:c1:82:5c:1c:0:1:0:1:2a:f:79:b3:c2:f9:c1:82:5c:1c mac-address=\
C2:F9:C1:82:5C:1C server=defconf
# DHCP options for the LAN: clients use 192.168.1.1 as gateway.
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
# The router answers DNS queries from other hosts (allow-remote-requests).
# NOTE(review): this is safe only while the input chain keeps dropping
# port 53 from non-LAN interfaces; the "drop all not coming from LAN" rule
# in this export currently does that. Keep the dependency in mind when
# editing the firewall, otherwise the router becomes an open resolver.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router.lan
# Filter rules are evaluated top to bottom within each chain; the first
# matching rule decides. "input" is traffic to the router itself, "forward"
# is traffic routed through it.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# VPN server ports, accepted from ANY interface and any source address
# (no in-interface-list or src-address matcher).
# NOTE(review): udp/1701 is accepted without an ipsec-policy matcher, so
# together with use-ipsec=yes on the L2TP server, L2TP without IPsec is
# reachable; the usual hardening is to accept 1701 only for traffic that
# arrived inside IPsec. Remove the accept rule of any VPN server that is
# not actually used (see the pptp/sstp servers in this export).
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Everything else addressed to the router is dropped unless it arrives on a
# LAN-list interface. VPN interfaces are not in the LAN list, so VPN peers
# cannot reach router services (DNS, Winbox) beyond the accepts above.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# NOTE(review): fasttracked connections bypass parts of the firewall such
# as mangle; if routing marks are later added to steer traffic into
# pptp-ev1, exclude that traffic from fasttrack - confirm against the
# RouterOS documentation for this version.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections from WAN are forwarded only if a dst-nat rule matched
# them; there is no further forward restriction, so every dst-nat rule in
# this export is a fully open port to the inside.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Stale rule: "# no interface" is the export's marker that *F00024 refers
# to an interface that no longer exists. It was meant to accept tcp/80 and
# tcp/8291 (web and Winbox management) on that interface, and it also sits
# after the input drop rule above.
# NOTE(review): delete it rather than leaving a dormant management-access
# rule in the ruleset.
# no interface
add action=accept chain=input dst-port=80,8291 in-interface=*F00024 protocol=\
tcp
# NAT rules, first match wins within a chain.
/ip firewall nat
# Hairpin NAT so LAN clients can reach the web server at 192.168.1.11.
add action=masquerade chain=srcnat dst-address=192.168.1.11 dst-port=80,443 \
out-interface-list=LAN protocol=tcp src-address=192.168.1.0/24
# Publishes tcp/80 and tcp/443 on the public address to 192.168.1.11.
add action=dst-nat chain=dstnat dst-address=93.111.111.19 dst-port=80,443 \
protocol=tcp to-addresses=192.168.1.11
# NOTE(review): 81.21.95.114 is not configured on any interface in this
# export; confirm the provider routes it here, otherwise replies to
# 192.168.1.50's traffic will not come back.
add action=src-nat chain=srcnat src-address=192.168.1.50 to-addresses=\
81.21.95.114
add action=src-nat chain=srcnat src-address=192.168.1.11 to-addresses=\
93.111.111.19
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): forwards public tcp/2345 to port 5432 (the PostgreSQL
# default port) on 192.168.1.238 with no src-address restriction; a
# non-standard outside port does not limit who can connect. Restrict the
# rule to known source addresses or reach the service through the VPN.
# 192.168.1.238 also lies inside the dynamic DHCP pool (192.168.1.200-254)
# and has no static lease in this export, so the forward may end up
# pointing at a different host.
add action=dst-nat chain=dstnat dst-address=93.111.111.19 dst-port=2345 \
protocol=tcp to-addresses=192.168.1.238 to-ports=5432
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
# NOTE(review): IKE uses udp/500 (already accepted in the input chain);
# this tcp/500 redirect to the router itself presumably serves no purpose -
# confirm and remove.
add action=dst-nat chain=dstnat dst-address=93.111.111.19 dst-port=500 \
protocol=tcp to-addresses=192.168.1.1 to-ports=500
# NOTE(review): catch-all masquerade with no matcher at all. It rewrites
# the source of every connection not matched above, in every direction -
# including connections arriving from the Internet through the dst-nat
# rules, so the internal servers log the router's address instead of the
# real client address. Scope it to the interface it is meant for (for the
# office tunnel that would be out-interface=pptp-ev1).
add action=masquerade chain=srcnat
# Default route via the PPTP tunnel, placed in routing table "pptp-ev1".
# NOTE(review): a route with routing-mark= is used only by packets that
# carry that routing mark, and this export contains no /ip firewall mangle
# rules that would set it. Traffic for the office LAN therefore follows the
# main routing table. If the office LAN is 192.168.2.0/24 (its gateway is
# given as 192.168.2.1 in the post), the usual fix is a main-table route for
# that subnet with gateway=pptp-ev1.
/ip route
add distance=1 gateway=pptp-ev1 routing-mark=pptp-ev1
# NOTE(review): UPnP lets any LAN host request inbound port mappings
# without authentication. Disable it unless a device needs it. The external
# interface is ether1, while the WAN session in this export is pppoe-out1.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=bridge type=internal
/lcd
set color-scheme=light default-screen=stats-all
# Account for inbound VPN users. No password, service or profile is shown.
# NOTE(review): with no service= restriction the account is presumably
# valid on every enabled PPP server (PPTP, L2TP and SSTP are all enabled
# and reachable from WAN in this export). Confirm that the password was
# only removed for posting and is long and unique, and bind the secret to
# the one service that is actually used.
/ppp secret
add name=vpn
# "Asia" alone is not a complete time-zone name; presumably truncated for
# posting. Correct time matters for log timestamps.
/system clock
set time-zone-name=Asia
/system identity
set name=TNet
# NOTE(review): the update channel is "development", i.e. pre-release
# builds. An Internet-facing router with VPN servers exposed is better kept
# on the stable or long-term channel and updated regularly.
/system package update
set channel=development
# Daily reboot at 06:00. The script is granted only the reboot policy.
# Note that logs kept only in memory do not survive this reboot.
/system scheduler
add interval=1d name=Reboot on-event="system reboot" policy=reboot \
start-date=jan/03/2021 start-time=06:00:00
# Layer-2 management (MAC telnet and MAC Winbox) is limited to LAN
# interfaces.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Regards